how to secure a WAP for customer wireless? 2

Cheers Coorsman

Program the Belkin to use DHCP to aquire it's IP adress etc. Set the local IP which will be used by attached devices to a different IP structure and set it to be a DHCP server. (if your 2wire is on 192.168.1.x set the Belkin to 10.10.1.x or 192.168.10.x)

Connect the internet uplink or WAN port on the Belkin device to a switch port on the 2wire. That will be numbered 1, 2 , 3 etc. Be sure it is not the WAN port. Assuming the 2Wire is set as a DHCP server it will send Ip, subnet, gateway and DNS to the Belkin. Since the Belkin is using a different IP setup for attached devices that will keep the networks segmented.

Keep in mind that this is fairly secure for wireless use but it is not bulletproof by any stretch. Of course this depends on the 2wire unit itself and it's ability to completely segment networks...

Works. Thanks.

Cheers,
Coorsman

Cool, have a great weekend.

BTW, if your client is using a WEP key for security maybe setup an item in the pos that prints the WEP key name. Employees can ring that item on a dummy tab and print it to give tto the customer... It's silly but I have clients that think that is the schitnik...

coorsman - you're an awesome help on the forums I want to return the love. but I can't right now, I'm pressed for time.

The answer you have received is functional, and I have some set up like that too, but there are problems with it and it's not PCI compliant for certain.

A better, or, more righter. er. way to do it is a bit more involved, maybe that's why posrescu didn't go into it, but has bonuses for your client. I suppose it depends on how much you like them. And how much they care to pay. A few hours of your time and a different router will be the minimum.

I'll get back to you here tonight if I can to sketch out a better way to do it. You can choose it if you wish.


D

No doubt. Have a Watchguard in front of me at this moment. Never used this one but WTH, let the fun begin.

360, Would enjoy hearing what hardware you use with your perfered setup. Could be a worthwhile share...

I was able to set up a wireless router on a different IP to the existing network, - secure - at least I couldn't ping or navigate to the BOH or terminals.

I do have watchguard routers in place at most of our new installations.

Thanks for the input.


Cheers,
Coorsman

@ prorescue

Sorry for the long delay responding here...

I was using a linksys router running DD-WRT - it supports various public wifi / hotspot configurations.

BUT then I discovered open mesh networks and completely dropped the DD-WRT path in favor of their hardware and software. Their hardware is very inexpensive and 0 recurring costs. It's easy to implement, has all the features I need, and the company is a certified Not Evil vendor


I am not in any way affiliated, just a recent fan.

We have found a great little router that works wonders for our budget conscious customers that will:
1) isolate wireless from wired networks at hardware level.
2) isolate all wireless clients from each other too.
3) provide QoS and bandwidth trottling and prioritize traffic.
Yes I have many DD-WRT installs in place but doing this is a pain in the butt with DD-WRT. It is made by Encore and I can get the exact models that do this if you would like. Thanks for all your help in the past and I hope that this helps even though it is a bit late. Oh here is one model (ENHWI-2AN3)
Coorsman if you can please get in touch about my last cntact with you. Cheers, M

Oh these router are very stable and work well with DSL, Cable and Fios. Also if you still have issues with your RAID question I have boat loads of experience with and solutions to these problems please let me know if you would like more help with this customer issue or RAID and restaurant installations in general. Thanks again, M